Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
Published Mar 3, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Published Mar 15, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
Published Mar 14, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
Published Mar 15, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
Published Mar 15, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.
Published Mar 3, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.
Published Mar 15, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
Published Mar 14, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
Published Mar 28, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
Published Mar 14, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
Published Mar 14, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
Published Mar 14, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
Published Mar 15, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
Published Mar 15, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
Published Mar 24, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
Published Mar 3, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.
Published Mar 1, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.
Published Mar 1, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
Published Mar 2, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
Published Mar 1, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Published Mar 3, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
Published Mar 2, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
Published Mar 3, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
Published Mar 3, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
Published Mar 2, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
Published Mar 2, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Published Mar 3, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
Published Mar 2, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Published Mar 2, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
Published Mar 1, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Published Mar 2, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
Published Mar 23, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
Published Mar 23, 2017 · Updated Aug 6, 2024